CiscoS4C - YSU Computer Science & Information Systems


S4 C1
REVIEW
Review Topics
• Switching, VLANs, LAN design, routing protocols (especially IGRP), ACLs, and IPX
• Why use LAN switching and VLANs
• Must gather and assess user requirements
• Select the best routing protocol
• Devise a method to control data packet flow based on access control lists (ACLs)
• Design for multiple protocols – IPX and IP
Network Demands
• Increase in large graphic files, images, and full-motion video places strain on 10 Mbps Ethernet
• Network utilization from sharing large files, accessing database servers, etc. results in network congestion, which shows up as slower response times, longer file transfers, and decreased productivity
• SOLUTION – MORE BANDWIDTH
Why Segmentation?
• Decrease network congestion
• Data passed between segments is transmitted on the backbone, which is its own collision domain
LAN Switch Segmentation
• Switch eliminates impact of collisions
through microsegmentation
• Switch results in low latency and high
frame-forwarding rate
• LAN segmentation works with 802.3
(CSMA/CD) compliant interfaces and
cabling
How a LAN Switch Operates
• Enables dedicated access, eliminates collisions, increases capacity, and supports multiple simultaneous conversations
• Acts as a multiport bridge creating smaller collision domains; transparent to upper layers, works on layer 2 MAC addresses
• Forwards frames based on the forwarding table of learned MAC addresses
How the LAN Switch Learns Addresses
• Examines the source MAC address of each frame entering the switch and records it against the ingress port
• Floods the frame out all ports except the one it entered on when the destination address is broadcast, multicast, or unknown
• Forwards the frame when the destination is on a different segment (interface)
• Filters (drops) the frame when the destination is on the same interface it arrived on
Symmetric/Asymmetric
• Symmetric
– Provides switching between like bandwidths
– Multiple simultaneous conversations increase
network throughput
• Asymmetric
– Provides switching between unlike bandwidths
– Requires the switch to use memory buffering
Switching Types
• Cut through
– Lowest latency; reads only the 6-byte destination MAC address
– No error checking; forwards as soon as the outgoing interface is determined, so corrupt frames are propagated
• Fragment free
– Low latency
– Reads the first 64 bytes before forwarding, so collision fragments (runts) are filtered; most but not all errors are caught
• Store and forward
– Highest latency
– Buffers the whole frame and checks the CRC before looking up the destination and forwarding, so all errored frames are filtered
VLANS
• Group of ports or users in same broadcast
domain
• Based on port ID, MAC address, protocol,
or application
• Created with switches and network
management software
• Frame tagged with VLAN ID
VLANs & Broadcast Transmission
• Logical network independent of members' physical locations
• Administratively defined broadcast domain
• Users reassigned to a different VLAN using software
• Broadcast transmission
– A single frame sent into the network is copied to every node in the broadcast domain
Frame Filtering
• A filtering table is developed for each
switch
• Switches share address table information
• Table entries are compared to frames
• Switch takes appropriate action
Frame Tagging
• Developed for multi-VLAN interswitched
communication
• Places unique identifier in header of each frame as
it travels across vertical cabling
• Identifier removed before frame exits switch on
non-backbone links
• Layer 2 Protocol
• Requires little processing and administrative
overhead
VLAN Broadcast Demands
• VLANs and routers restrict broadcasts to the domain of origin
• Adjacent ports do not receive broadcast
traffic generated from other VLANs
• Control the size of broadcast domain by
limiting the size of the VLAN
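The learning, flooding, forwarding and filtering rules from "How the LAN Switch Learns Addresses", together with the per-VLAN broadcast containment and trunk tagging just described, as an added Python model. This is example code written for this page, not Cisco code and not from the slides; the port names, MAC addresses and the assumption that the single trunk port carries every VLAN tagged are constructed for the example.

```python
"""Toy VLAN-aware learning switch (added example, not Cisco code).

Learn the source MAC of every frame against its ingress port; flood broadcast,
multicast and unknown-unicast frames out every other port in the *same* VLAN;
forward known unicast to the one learned port; filter (drop) a frame whose
destination was learned on the ingress port. Access ports emit untagged frames,
the trunk port keeps the VLAN tag so the next switch can keep VLANs apart.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

BROADCAST = "ff:ff:ff:ff:ff:ff"


def is_group_address(mac: str) -> bool:
    """Multicast or broadcast: the I/G bit (low bit of the first octet) is set."""
    return int(mac.split(":")[0], 16) & 0x01 == 1


@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: int            # from the tag on a trunk; implied by the port on an access port
    tagged: bool = False


@dataclass
class Switch:
    access: Dict[str, int]          # access port -> its single VLAN
    trunks: Set[str]                # trunk ports carry every VLAN, tagged (assumption)
    table: Dict[Tuple[int, str], str] = field(default_factory=dict)   # (vlan, mac) -> port

    def ports(self) -> List[str]:
        return list(self.access) + sorted(self.trunks)

    def in_vlan(self, port: str, vlan: int) -> bool:
        return port in self.trunks or self.access.get(port) == vlan

    def receive(self, port: str, frame: Frame) -> List[Tuple[str, Frame]]:
        """Return the (egress port, frame) pairs emitted for one received frame."""
        vlan = self.access[port] if port in self.access else frame.vlan
        self.table[(vlan, frame.src)] = port                          # learn
        if is_group_address(frame.dst) or (vlan, frame.dst) not in self.table:
            egress = [p for p in self.ports() if p != port and self.in_vlan(p, vlan)]  # flood in-VLAN
        else:
            learned = self.table[(vlan, frame.dst)]
            egress = [] if learned == port else [learned]             # filter or forward
        return [(p, Frame(frame.src, frame.dst, vlan, tagged=p in self.trunks)) for p in egress]


def demo() -> Dict[str, List[Tuple[str, Frame]]]:
    """Constructed scenario: A, B in VLAN 10; C in VLAN 20; D on B's port via a hub; Gi0/1 trunk."""
    sw = Switch(access={"Fa0/1": 10, "Fa0/2": 10, "Fa0/3": 20}, trunks={"Gi0/1"})
    a, b, c, d = "00:00:0c:00:00:0a", "00:00:0c:00:00:0b", "00:00:0c:00:00:0c", "00:00:0c:00:00:0d"
    out = {}
    out["broadcast"] = sw.receive("Fa0/1", Frame(a, BROADCAST, 10))  # to Fa0/2 and Gi0/1 (tagged), not Fa0/3
    out["reply"] = sw.receive("Fa0/2", Frame(b, a, 10))              # A is known: Fa0/1 only, untagged
    out["cross_vlan"] = sw.receive("Fa0/3", Frame(c, a, 20))         # unknown in VLAN 20: trunk only, never VLAN 10
    sw.receive("Fa0/2", Frame(d, BROADCAST, 10))                     # D is learned on Fa0/2 next to B
    out["filtered"] = sw.receive("Fa0/2", Frame(b, d, 10))           # same segment: nothing forwarded
    return out
```

The `cross_vlan` case is the point of the slide: a frame in VLAN 20 addressed to a VLAN 10 station is flooded only where VLAN 20 exists, so the adjacent VLAN 10 port never sees it.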
Port-Centric VLANs
• All nodes attached to the same switch port are in the same VLAN, hence the same broadcast domain
– Users are assigned by port
– VLANs are easily administered
– Security between VLANs is maximized: frames do not "leak" into other domains, and traffic between VLANs must pass through a router, where it can be filtered with ACLs
– VLANs and VLAN membership are easily controlled across the network
Static VLANs
• Statically assigned ports (port-centric is one
type of static VLAN)
• Secure – only ports identified with VLAN
receive broadcast
• Easy to configure and monitor
• Easy to reassign port to another VLAN
Dynamic VLANs
• Assigned using centralized VLAN management
application
• Based on MAC address, logical address, or
protocol type
• Less administration in wiring closet
• Notification when unrecognized user is added to
network
• More administration required up front to set up
database within VLAN management software and
to maintain accurate database of users
LAN Design Goals
• Functionality
• Scalability
• Adaptability
• Manageability
Design Methodology
• Know Client – Determine Client goals
• Analyze requirements
• Develop LAN structure (physical and
logical topology)
• Set up addressing and routing
Problems LAN Design Solves
• Media contention
• Excessive broadcasts
• Need to transport new payloads
• Need for more bandwidth
• Overloaded backbone
• Network layer addressing issues
Topology Issues
• Where are routers placed?
• Where are switches placed?
• What type of network media is used?
• Do you use hubs or repeaters?
Design Goals
– MDF (concentration point) with IDFs
– LAN switching and microsegmentation
Design Goals Continued
• Create LAN segments that will filter flow of
data packets
• Isolate ARP broadcasts
• Isolate collisions between segments
• Filter Layer 4 services between segments
• Router is the central point in the LAN for
traffic destined for the WAN port.
More Design Goals
• Within the MDF and IDFs, the Layer 2
LAN switches must have high speed
(100Mbps) ports allocated for servers.
Routing Metrics
• A number representing the distance or cost of a path
• Bandwidth, delay, load, reliability, hop count, ticks, and cost
– Information used to select the best path for routing
Routing Protocols
• Distance vector – adds the link metric to the distances a neighbor advertises
• Link state (SPF) – re-creates the exact topology of the entire internetwork
• Balanced hybrid – combines aspects of link-state and distance vector
Distance Vector
Bellman-Ford
• Pass periodic copies of routing table from
router to router
• Routers do not know exact topology of
network
Exterior / Interior Routing
Protocols
• Exterior – communicate between
autonomous systems
– BGP and EGP
• Interior – communicate within autonomous
system
– IGRP, EIGRP, OSPF, RIP
IGRP
• Cisco proprietary distance-vector protocol
• Composite metric from bandwidth, delay, load, and reliability; MTU (maximum transmission unit) is carried in updates but does not enter the metric
• Versatile, handles complex topologies, flexible for segments with different bandwidths, scalable
• router igrp autonomous-system
• network network-number
Access Lists
• Standard
– Simpler address specifications (source address only)
– Generally permits or denies an entire protocol suite
• Extended
– More complex address specifications (source and destination)
– Generally permits or denies specific protocols
– Permits or denies with more granularity (protocol, port number)
How Access Lists Work
• Entries are tested top down and the first match decides. For logical completeness every access list ends with an implied final statement that matches all packets no earlier condition matched, and it denies them: instead of proceeding in or out the interface, those packets are dropped. Because of this implicit deny, a list containing only deny statements blocks all traffic, so every list needs at least one permit for the traffic that should flow.
Access List Numbers
• IP standard 1-99
• IP extended 100-199
• Named IP access lists (Cisco IOS 11.2 and higher)
• IPX standard 800-899
• IPX extended 900-999
• IPX SAP filters 1000-1099
• AppleTalk 600-699
Access Lists Check For
• Source IP address
• Destination IP address
• Specific protocols
• Upper-level TCP or UDP port
Wildcard Masks
• A 0 bit means check (must match) the corresponding address bit
• A 1 bit means do not check the corresponding address bit
• The keyword any replaces 0.0.0.0 255.255.255.255
– Address 0.0.0.0 with mask 255.255.255.255: no bit is checked, so every address matches
– The keyword host ip-address replaces ip-address 0.0.0.0: every bit is checked, so only that one address matches
Placing IP Access Lists
• Place standard access lists close to the destination: they match on source address only, so applying one near the source would block that source's traffic to every destination, not just the intended one
• Place extended access lists close to the source: they can match source, destination, protocol, and port precisely, so unwanted traffic is dropped before it consumes bandwidth across the network
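An added Python model of the access-list behaviour covered in the last few slides (How Access Lists Work, Access Lists Check For, Wildcard Masks). It is example code written for this page, not IOS code; the access list, the addresses and the packets are constructed for the example. It shows wildcard-mask matching, top-down first match, the implicit deny at the end, and the classic mistake of a list with no permit statement.

```python
"""Toy evaluator for Cisco-style IP access lists (added example, not IOS code).

A standard list matches on source only; an extended list also matches destination,
protocol and destination port. Entries are tested top down, first match wins, and
anything left over hits the implicit 'deny any'.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address
from typing import Dict, List, Optional

ANY = ("0.0.0.0", "255.255.255.255")          # IOS keyword 'any'


def host(ip: str):
    """IOS keyword 'host A.B.C.D' == 'A.B.C.D 0.0.0.0' (every bit checked)."""
    return (ip, "0.0.0.0")


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """Wildcard bit 0: address bit must equal the base bit. Wildcard bit 1: don't care."""
    a, b, w = (int(IPv4Address(x)) for x in (addr, base, wildcard))
    return (a ^ b) & ~w & 0xFFFFFFFF == 0


@dataclass
class Entry:
    action: str                             # "permit" or "deny"
    src: str = ANY[0]
    src_wc: str = ANY[1]
    proto: str = "ip"                       # extended lists: ip / tcp / udp / icmp
    dst: str = ANY[0]
    dst_wc: str = ANY[1]
    dport: Optional[int] = None             # extended lists: 'eq <port>'

    def matches(self, pkt: Dict) -> bool:
        return (wildcard_match(pkt["src"], self.src, self.src_wc)
                and wildcard_match(pkt["dst"], self.dst, self.dst_wc)
                and (self.proto == "ip" or pkt["proto"] == self.proto)
                and (self.dport is None or pkt.get("dport") == self.dport))


def evaluate(acl: List[Entry], pkt: Dict) -> str:
    """First matching entry decides; no match means the implied final deny."""
    for entry in acl:
        if entry.matches(pkt):
            return entry.action
    return "deny"


def demo() -> Dict[str, Dict[str, str]]:
    """Constructed extended list 101 next to a deny-only standard list that blocks everything."""
    web = "192.168.1.10"
    acl_101 = [
        Entry("permit", "172.16.0.0", "0.0.255.255", "tcp", *host(web), 80),   # web server, HTTP only
        Entry("deny",   "172.16.0.0", "0.0.255.255", "tcp", dport=23),         # no telnet anywhere
        Entry("permit", "172.16.0.0", "0.0.255.255", "ip"),                    # the rest of 172.16/16
    ]
    broken = [Entry("deny", *host("172.16.3.4"))]     # no permit at all: implicit deny drops everything else too
    pkts = {
        "web_ok":   {"src": "172.16.3.4", "dst": web,        "proto": "tcp", "dport": 80},
        "telnet":   {"src": "172.16.3.4", "dst": "10.0.0.1", "proto": "tcp", "dport": 23},
        "dns":      {"src": "172.16.3.4", "dst": "10.0.0.1", "proto": "udp", "dport": 53},
        "outsider": {"src": "10.1.1.1",   "dst": web,        "proto": "tcp", "dport": 80},
    }
    return {
        "acl_101": {name: evaluate(acl_101, p) for name, p in pkts.items()},
        "broken":  {name: evaluate(broken, p) for name, p in pkts.items()},
    }
```

Note the `outsider` packet: nothing in list 101 mentions 10.1.1.1, so it is dropped by the implicit deny even though the list never says so; and the `broken` list drops even the web traffic its author presumably wanted.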
Cisco/Novell Compatibility
• Uses Access lists and filters for IPX, RIP, SAP,
and NetBIOS
• Scalable routing protocols, including Enhanced
IGRP and NLSP
• Configurable RIP and SAP updates and packet
sizes
• Server-less LAN support
• Rich diagnostics, management, and
troubleshooting features
Novell
• Network protocol stack supports all
common media access protocols. Data link
and physical layers accessed through ODI
(Open Data Link Interface)
– RIP routing information
– SAP advertise network services
– NCP provides client-to-server connections
and applications
– SPX connection oriented services
Novell Addressing
• 80 bits
– 32-bit network number
– 48-bit host (node) number = the MAC address
• No subnets
• No need for ARP
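The 80-bit IPX address layout above, as an added Python helper (example code for this page, not Novell or Cisco code). The sample addresses are constructed. It shows why the slide can say "no ARP" and "no subnets": the node half of the address is the MAC address, and network membership is plain equality on the 32-bit network number.

```python
"""IPX address helper (added example, not Novell or Cisco code).

An IPX address is 32 network bits followed by 48 node bits (the MAC address),
written as dotted hex network.node, e.g. 4A1D.0000.0C12.3456.
"""
import re
from typing import NamedTuple

_IPX = re.compile(r"^([0-9A-Fa-f]{1,8})\.([0-9A-Fa-f]{4})\.([0-9A-Fa-f]{4})\.([0-9A-Fa-f]{4})$")


class IpxAddress(NamedTuple):
    network: int        # 32-bit network number
    node: bytes         # 6 bytes, identical to the host's MAC address

    @classmethod
    def parse(cls, text: str) -> "IpxAddress":
        m = _IPX.match(text.strip())
        if not m:
            raise ValueError(f"not an IPX address: {text!r}")
        network = int(m.group(1), 16)
        node = bytes.fromhex("".join(m.group(2, 3, 4)))
        return cls(network, node)

    def to_bytes(self) -> bytes:
        """Wire form in the IPX header: 4 network bytes then 6 node bytes (10 bytes = 80 bits)."""
        return self.network.to_bytes(4, "big") + self.node

    def mac(self) -> str:
        """Link-layer destination for this node, read straight from the address (no ARP)."""
        return ":".join(f"{b:02x}" for b in self.node)

    def __str__(self) -> str:
        n = self.node.hex().upper()
        return f"{self.network:X}.{n[0:4]}.{n[4:8]}.{n[8:12]}"


def same_network(a: IpxAddress, b: IpxAddress) -> bool:
    """Local delivery or hand to a router: the network field is flat, so compare it directly."""
    return a.network == b.network
```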
Cisco Encapsulation
(Novell frame type → Cisco IOS encapsulation keyword)
• Ethernet
– Ethernet_802.3 → novell-ether
– Ethernet_802.2 → sap
– Ethernet_II → arpa
– Ethernet_SNAP → snap
• Token Ring
– Token-Ring → sap
– Token-Ring_SNAP → snap
• FDDI
– FDDI_SNAP → snap
– FDDI_802.2 → sap
– FDDI_Raw → novell-fddi
Novell Routing
• IPX RIP uses ticks as the primary metric and hop count as the tie-breaker
• Broadcasts the routing table every 60 seconds
• Uses simple split horizon
– Does not advertise routes back out the interface they were learned on
• Load shares over equal-cost paths up to the configured ipx maximum-paths
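The periodic table exchange described under Distance Vector above, with the simple split horizon rule from this slide, as an added Python model (example code for this page, not vendor code). The topology is constructed, and hop count is assumed as the metric for simplicity; IGRP's composite metric and IPX RIP's ticks would slot into the same loop.

```python
"""Distance-vector routing by periodic table exchange (added example, not vendor code).

A router knows only its connected networks plus what neighbours advertise. It adds the
link metric to each advertised distance and keeps the smallest; repeating until nothing
changes is the Bellman-Ford algorithm. With simple split horizon, a router omits from an
advertisement every route it learned through the neighbour it is advertising to.
Metric is hop count here (assumption).
"""
from typing import Dict, List, Set, Tuple

UNREACHABLE = 16                      # RIP's "infinity"; assumed for this toy
Route = Tuple[int, str]               # (metric, next hop); next hop "direct" for connected nets
Table = Dict[str, Route]


def advertise(table: Table, to_neighbour: str, split_horizon: bool) -> Dict[str, int]:
    """Routes (network -> metric) one router sends to one neighbour in a periodic update."""
    return {
        net: metric
        for net, (metric, next_hop) in table.items()
        if not (split_horizon and next_hop == to_neighbour)   # never echo a route back to its source
    }


def converge(connected: Dict[str, List[str]], links: List[Tuple[str, str]],
             split_horizon: bool = True) -> Tuple[Dict[str, Table], int]:
    """Exchange tables in lock-step rounds until no router changes anything."""
    tables: Dict[str, Table] = {r: {n: (0, "direct") for n in nets} for r, nets in connected.items()}
    neighbours: Dict[str, Set[str]] = {r: set() for r in connected}
    for a, b in links:
        neighbours[a].add(b)
        neighbours[b].add(a)
    rounds = 0
    while True:
        rounds += 1
        snapshot = {r: dict(t) for r, t in tables.items()}   # everyone advertises what it had at round start
        changed = False
        for r, table in tables.items():
            for nb in neighbours[r]:
                for net, metric in advertise(snapshot[nb], r, split_horizon).items():
                    candidate = metric + 1                      # add the link metric: one hop
                    if candidate < table.get(net, (UNREACHABLE, ""))[0]:
                        table[net] = (candidate, nb)
                        changed = True
        if not changed:
            return tables, rounds


def demo():
    """Constructed chain R1 - R2 - R3 - R4 with one stub network per router."""
    connected = {"R1": ["10.1.0.0"], "R2": ["10.2.0.0"], "R3": ["10.3.0.0"], "R4": ["10.4.0.0"]}
    links = [("R1", "R2"), ("R2", "R3"), ("R3", "R4")]
    tables, rounds = converge(connected, links)
    # What R2 tells R1: with split horizon, the 10.1.0.0 route R2 learned from R1 is left out.
    with_sh = advertise(tables["R2"], "R1", split_horizon=True)
    without_sh = advertise(tables["R2"], "R1", split_horizon=False)
    return tables, rounds, with_sh, without_sh
```

Three rounds of updates carry 10.4.0.0 to R1 at three hops, and a fourth round with no changes ends the loop; no router ever held the topology, only its neighbours' tables.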
SAPs
• SAP packets advertise all NetWare services
• Can add excessive broadcast traffic
• Routers listen to SAPs, build tables of known services, and broadcast the table every 60 seconds
• Router responds to queries by providing
network address – client contacts device
directly
GNS (Get Nearest Server)
• Client broadcasts a GNS request (a SAP packet) when it needs a server
• Servers and routers on the segment both hear the request
• A local server answers with a GNS response; if the segment has no server, the router answers from its SAP table
IPX Routing Configuration
• Global
– IPX Routing
– Load Sharing
• Interface Configuration
– Network numbers
– Encapsulation Type
Show Commands and Troubleshooting
• show ipx interface
• show ipx route
• show ipx servers
• show ipx traffic
• debug ipx routing activity
• debug ipx sap